{"id":82338,"date":"2016-05-13T06:30:39","date_gmt":"2016-05-13T11:30:39","guid":{"rendered":"http:\/\/www.ict-pulse.com\/?p=82338"},"modified":"2017-04-07T19:30:19","modified_gmt":"2017-04-08T00:30:19","slug":"expert-insights-2-cyber-threats-security-caribbean-2016-update-part-2","status":"publish","type":"post","link":"https:\/\/ict-pulse.com\/2016\/05\/expert-insights-2-cyber-threats-security-caribbean-2016-update-part-2\/","title":{"rendered":"Expert Insights 2: Cyber threats and security in the Caribbean 2016 update (part 2)"},"content":{"rendered":"

We continue our conversation with\u00a0network\/IT security professionals \u2013 part two of our second\u00a0instalment \u2013 on network\u00a0intrusion and security in the Caribbean, in the hope of gaining new insights for 2016.<\/em>
\nIn our previous\u00a0post, published on Wednesday, 11 May<\/a>, we shared the first part of our discussion with Hector Diaz of Intel Security (formerly McAfee). To recap, Hector is the\u00a0Regional Account Manager, Caribbean. In addition to his extensive experience in IT security in the region, Hector can draw on the knowledge bank of Intel Security, to provide some unique insights on cyber intrusions and threats across the Caribbean, and advice on how best to manage such situations.<\/p>\n

ICT Pulse:<\/strong> \u00a0Are you observing any real evidence of a greater willingness among organisations to take cyber\/network security more seriously? How is that awareness (or lack thereof) being manifested?<\/h4>\n

Hector Diaz: \u00a0<\/strong>There is definitely a greater willingness to take cybersecurity seriously. For example, we have participated in meetings with the CIO of Jamaica, Dominican Republic and Trinidad, and we have seen how Cybersecurity occupies an important amount of government\u2019s investment in ICT, not only from a technology perspective but from a training perspective for Security administrators as well as security awareness training for the general population that work in ministries and public institutions. But this is a process and it takes time, but definitely we\u2019re getting better as a region at a public\/state level.<\/p>\n

In the private sector, professionals are more prone to exchange ideas with their peers as opposed to 5 years ago, when no one would share their best practices or their experiences on how to tackle Cybersecurity challenges. One example of that is the proliferation of associations of professionals in the area such as ISACA, ISSA and ISC\u00b2 chapters in the region where we have been able to participate and collaborate in places like Dominican Republic, Puerto Rico, Barbados, Jamaica, Trinidad and Curacao where cybersecurity professionals are organized around these chapters and they periodically meet to exchange ideas and best practices in an open forum.<\/p>\n

We also have seen initiatives in the financial sector to exchange threat intelligence across commercial\/private banks so as a community they can be on top of emerging threats for the benefit of their own organisations as well as the public that receive their services.<\/p>\n

ICTP: \u00a0<\/strong>Have you observed any changes in end-user behaviour? Do you think IT staff have done enough sensitisation to bring about behavioural change in their users?<\/h4>\n

HD: \u00a0<\/strong>In terms of user behaviour, I think \u201cenough\u201d is not an applicable word; it has to be a constant\/permanent process. Depending on the maturity level of some organisations, we have seen multiple, structured programs to raise the awareness on how to protect the information, how to stay safe while utilizing connected services and also the introduction of social engineering surveys to test users\u2019 behaviour, but this is only on highly regulated institutions, primarily the banking sector. But I\u2019m optimistic that these practices are going to be soon applicable to the generality of companies, institutions and the connected population.<\/p>\n

ICTP: \u00a0<\/strong>As you are aware, there has been considerable concern and discussion about ransomware. If there is one thing people should know about this threat, what would that be? Can organisations recover their network data that has been corrupted by ransomware? What would be your best advice to minimise the effect of ransomware?<\/h4>\n

HD: \u00a0<\/strong>The rise of ransomware has been phenomenal, fleecing hundreds of millions of dollars from consumers, businesses, and even government agencies. This financial windfall for cybercriminals will fuel continued innovation, creativity, and persistence to victimize as many people as possible. The threat has found a soft spot, taking advantage of human frailties while targeting something of meaningful value to the victim, then offering remediation at an acceptable price point. This form of extortion is maturing quickly, exhibiting a high level of professional management, coding, and services. Ransomware is proving very scalable and difficult to undermine.<\/p>\n

Unfortunately, there are hundreds (if not thousands) of variants and as I mentioned at the beginning of this interview, open-source ransomware code and ransomware-as-a-service make it simpler and accessible to virtually anyone, the ability to create successful attacks and new variants. The security industry has been able to decrypt a few of these variants, but the rapid evolution and adaption of these threats makes the chance to recover the information very, very small.<\/p>\n

As an example, you can find some information about how to unlock a very specific version of ransomware here: https:\/\/www.grahamcluley.com\/2016\/04\/petya-ransomware-unlock-tool\/<\/a><\/p>\n

But this is just one variant which doesn\u2019t really help compared to the universe of cases and affected individuals\/organisations.<\/p>\n

The best advice I can give to your audience is to take a three-step approach to ransomware:<\/p>\n

    \n
  1. User education and awareness:<\/strong> we have to engage with human resources departments to spread information and education throughout organisations around how to avoid ransomware not only to employees but also customers from those organisations.<\/li>\n
  2. Backup:<\/strong> when we talk about backing up information, this can be achieved through a general company policy that stores copies of users\u2019 information on a central repository and\/or through the first step of user education we have to teach our users some simple actions they can follow to minimize the damage in the eventual affection of a ransomware:\n
      \n
    1. Use external drives for important files:<\/strong> criminals might be able to hack into your computer, but they can’t get to an external device if it isn’t connected to your PC or a network.<\/li>\n
    2. Use cloud storage as a second layer of backup:<\/strong> with the wide adoption of SSL and the numerous encryption tools that the security industry provides, it has become very easy and transparent to encrypt user\u2019s data and securely move it to the cloud.<\/li>\n<\/ol>\n<\/li>\n
  3. The implementation of a Threat Intelligence Model across the organization:<\/strong> Companies need to start evaluating these types of technologies that can augment the effectiveness of their current security layers through the exchange of threat data that can protect not one but all their security devices and assets.<\/li>\n<\/ol>\n

      Increasing support for cyberthreat-intelligence technical standards will help people understand exactly what is and is not included in a threat record and will broaden industry implementations. Although some organizations believe they stand a better chance of identifying and catching bad guys by themselves if they keep the attack details private, more and more realize that the changing nature of attacks makes sharing more valuable than secrecy. Standardization will also make it easier to combine and correlate multiple discrete observations into a larger and more accurate picture of a particular threat.<\/p>\n

      Catching modern, adaptive attacks is difficult for traditional endpoint and firewall defenses working in isolation because the attacks often mutate every few hours or days, faster than signature updates and scanning tools can keep up. The trend toward targeted attacks is also increasing interest in industry-specific cyberthreat intelligence.<\/p>\n

      At Intel Security, we are helping our customers in the evolution and implementation towards these types of frameworks through our Data Exchange Layer and Threat Intelligence Exchange. Both components integrate with 3rd<\/sup> parties to incorporate multiple sources of threat data to stay on top of advanced threats in almost real time.<\/p>\n

      ICTP: \u00a0<\/strong>Finally, are there any key areas businesses should be investing their network security\/IT dollars this year?<\/h4>\n

      HD: \u00a0<\/strong>As a cybersecurity strategist, I personally think that we should evaluate the future risks and opportunities. There are a number of topics, technologies and business areas where I think we all must learn, discuss, and deliberate about now, so that we can be prepared for the near future:<\/p>\n